Submission to VIJ 2024-04-13
Keywords
- Web phishing, machine learning, real time URL analysis detection techniques
Copyright (c) 2024 Kunle Oloyede, Chinenye Obunadike, Simo Yufenyuy, Emmanuel Elom, Abdul-Waliyyu Bello, Somtobe Olisah, Callistus Obunadike, Oluwadamilola Ogunleye, Sulaimon Adeniji
This work is licensed under a Creative Commons Attribution 4.0 International License.
Abstract
Abstract: Web phishing is a persuasive and evolving cyber threat that poses significant risks to individuals, businesses, and organizations in the modern digital age. This paper aims to provide an overview of web phishing, focusing on its methods, detection techniques, and prevention. Phishing attacks occur when malicious actors use deceptive practices to trick people into divulging sensitive or classified information such as passwords, credit card details, or personal data. These attacks primarily manifest through emails, websites, or social engineering tactics. Phishing emails often impersonate trusted entities and lure recipients into clicking on malicious links or downloading harmful attachments. Web phishing involves using fraudulent websites that mimic legitimate ones to steal user information or deliver malware. Detecting web phishing attacks is an ongoing challenge due to the sophistication of attackers. Several detection techniques have been developed, including heuristic analysis, machine learning algorithms, and real-time URL analysis. These methods analyze various attributes of websites and emails to identify suspicious patterns or behaviors. Detecting web phishing is equally essential. Effective prevention strategies include user education and awareness programs, using two-factor authentication, regular software updates, and deploying advanced email filtering and anti-phishing tools. User training is crucial in helping individuals recognize phishing attempts and avoid falling victim to them.
References
- O. Adekunle et al., “A Review of Cybersecurity as an Effective Tool for Fighting Identity Theft across United States,” Int. J. Cybern. Inform., vol. 12, no. 5, pp. 31–42, Aug. 2023, doi: 10.5121/ijci.2023.120504.
- P. F. Likarish, Early detection of malicious web content with applied machine learning. The University of Iowa, 2011.
- E. O. Paul et al., “Cybersecurity Strategies for Safeguarding Customer’s Data and Preventing Financial Fraud in the United States Financial Sectors,” Int. J. Soft Comput., vol. 14, no. 3, pp. 01–16, Aug. 2023, doi: 10.5121/ijsc.2023.14301.
- B. G. Bokolo, L. Chen, and Q. Liu, “Deep Learning Assisted Cyber Criminal Profiling,” in 2023 IEEE 6th International Conference on Big Data and Artificial Intelligence (BDAI), Jiaxing, China: IEEE, Jul. 2023, pp. 226–231. doi: 10.1109/BDAI59165.2023.10257003.
- A. Adefabi, S. Olisah, C. Obunadike, O. Oyetubo, E. Taiwo, and E. Tella, “Predicting Accident Severity: An Analysis of Factors Affecting Accident Severity Using Random Forest Model,” Int. J. Cybern. Inform., vol. 12, no. 6, pp. 107–121, Oct. 2023, doi: 10.5121/ijci.2023.120609.
- C. Obunadike, A. Adefabi, S. Olisah, D. Abimbola, and K. Oloyede, “Application of Regularized Logistic Regression and Artificial Neural Network Model for Ozone Classification across El Paso County, Texas, United States,” J. Data Anal. Inf. Process., vol. 11, no. 03, pp. 217–239, 2023, doi: 10.4236/jdaip.2023.113012.
- Z. Dong, A. Kapadia, J. Blythe, and L. J. Camp, “Beyond the lock icon: real-time detection of phishing websites using public key certificates,” presented at the 2015 APWG Symposium on Electronic Crime Research (eCrime), IEEE, 2015, pp. 1–12.
- B. G. Bokolo, L. Chen, and Q. Liu, “Detection of Web-Attack using DistilBERT, RNN, and LSTM,” in 2023 11th International Symposium on Digital Forensics and Security (ISDFS), Chattanooga, TN, USA: IEEE, May 2023, pp. 1–6. doi: 10.1109/ISDFS58141.2023.10131822.
- Z. Alkhalil, C. Hewage, L. Nawaf, and I. Khan, “Phishing attacks: A recent comprehensive study and a new anatomy,” Front. Comput. Sci., vol. 3, p. 563060, 2021.
- C. Ratcliffe, B. G. Bokolo, D. Oladimeji, and B. Zhou, “Detection of Anti-forensics and Malware Applications in Volatile Memory Acquisition,” in Advances and Trends in Artificial Intelligence. Theory and Practices in Artificial Intelligence, vol. 13343, H. Fujita, P. Fournier-Viger, M. Ali, and Y. Wang, Eds., in Lecture Notes in Computer Science, vol. 13343. , Cham: Springer International Publishing, 2022, pp. 516–527. doi: 10.1007/978-3-031-08530-7_44.
- E. Ulqinaku, D. Lain, and S. Capkun, “2FA-PP: 2nd factor phishing prevention,” presented at the Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, 2019, pp. 60–70.
- B. B. Gupta, A. Tewari, A. K. Jain, and D. P. Agrawal, “Fighting against phishing attacks: state of the art and future challenges,” Neural Comput. Appl., vol. 28, pp. 3629–3654, 2017.
- B. G. Bokolo and Q. Liu, “Cyberbullying Detection on Social Media Using Machine Learning,” in IEEE INFOCOM 2023 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Hoboken, NJ, USA: IEEE, May 2023, pp. 1–6. doi: 10.1109/INFOCOMWKSHPS57453.2023.10226114.
- P. Parekh, K. Parmar, and P. Awate, “Spam URL detection and image spam filtering using machine learning,” Comput Eng, 2018.
- M. Khonji, Y. Iraqi, and A. Jones, “Phishing Detection: A Literature Survey,” IEEE Commun. Surv. Tutor., vol. 15, no. 4, pp. 2091–2121, 2013, doi: 10.1109/SURV.2013.032213.00009.
- N. Abdelhamid, A. Ayesh, and F. Thabtah, “Phishing detection based Associative Classification data mining,” Expert Syst. Appl., vol. 41, no. 13, pp. 5948–5959, Oct. 2014, doi: 10.1016/j.eswa.2014.03.019.
- H. Sampat, M. Saharkar, A. Pandey, and H. Lopes, “Detection of phishing website using machine learning,” Int Res J Eng TechnolIRJET, vol. 5, no. 3, 2018.
- M. Moghimi and A. Y. Varjani, “New rule-based phishing detection method,” Expert Syst. Appl., vol. 53, pp. 231–242, 2016.
- B. G. Bokolo, P. Onyehanere, E. Ogegbene-Ise, I. Olufemi, and J. N. A. Tettey, “Leveraging Machine Learning for Crime Intent Detection in Social Media Posts,” in AI-generated Content, vol. 1946, F. Zhao and D. Miao, Eds., in Communications in Computer and Information Science, vol. 1946. , Singapore: Springer Nature Singapore, 2024, pp. 224–236. doi: 10.1007/978-981-99-7587-7_19.
- N. J. Gogtay and U. M. Thatte, “Principles of correlation analysis,” J. Assoc. Physicians India, vol. 65, no. 3, pp. 78–81, 2017.
- D. George and P. Mallery, “Descriptive statistics,” in IBM SPSS Statistics 25 Step by Step, Routledge, 2018, pp. 126–134.